Search form

DNS Defense. Your Critical DNS Firewall.

DNS Defense

A DNS Firewall is Essential to Your Network Security

Every connection with the Internet starts with a DNS query. Your users rely on DNS to make connections to mission critical applications, websites and resources on your network. Malware must use DNS to communicate back to their command and control servers to deliver ransomware, steal your data, or turn your network into a botnet for criminal use. This is why a DNS Firewall is absolutely essential to your network security.

ThreatSTOP DNS Defense delivers a DNS Firewall with continuous updates containing IP addresses and domains used by threat actors to intercept dangerous and unwanted traffic heading out of your network. With this, traffic can be blocked, monitored, or redirected to safe locations, such as a walled-garden.

How It Works

Pick the DNS Server you want to transform into a DNS Firewall. Select standard policies or create your own custom policy in our customer portal.

Apply any number of action rules. For example, attempts to contact botnet C&C servers can simply be denied, while users who click on phishing links see a redirection to a walled garden.

All rules are automatically downloaded from the portal and are added to the BIND DNS server configuration files. The DNS server automatically downloads the policy and applies it to all lookups it receives.

The policy is automatically updated (by default this is every two hours) so that the policy can block new threats and no longer block access to locations that have been remediated.

RPZ takes action based on the domain name queried (QNAME), the IP address returned (RPZ IP) or the fully qualified domain name (FQDN) or IP address of any of the name servers used in the resolution process (NS IP and NS DNAME).